No more typing reviews! Try our Samantha, our new voice AI agent.
Vidya Shree - PeerSpot reviewer
CTO at Molecular Connections Private Limited
Real User
Top 5
Aug 17, 2024
Easy to manage, zero-trust option and supports both Linux and macOS
Pros and Cons
  • "SentinelOne supports both Linux and macOS."
  • "Also, it didn't have much incident management built in."

What is our primary use case?

It's endpoint protection that also takes care of the server.

Mainly, we [my company] have a lot of systems on Linux. So when we were looking for an EDR solution, we evaluated all three top options: SentinelOne, CrowdStrike, and Carbon Black. We found CrowdStrike to be slightly better than SentinelOne in terms of features. But the only reason we chose SentinelOne was that its Linux agent was far superior.

We review our EDR solution every year. So far, it's been SentinelOne. Earlier, it was Trend Micro, I think. So we evaluate and change our protection software almost every year.

How has it helped my organization?

It is quite easy to manage our environment with the Singularity console.

We have policies in place to isolate any suspicious behavior from the network immediately. There's even a zero-trust option that we utilize.

Moreover, visibility into the attack surface and risk is good. It's protecting quite well. We do have incidents regularly, but no major ones at all.

When it comes to threat detection and prevention, it's quite sensitive and quite good.

We do the evaluation every year, so we always see something new that comes in. We evaluate across products and then choose the best one.

What is most valuable?

SentinelOne supports both Linux and macOS. All SentinelOne features were equally supported across Windows, Linux, and Mac, whereas CrowdStrike was more heavy on the Windows side. They did not support all features on Linux.

The Singularity console provides a unified view. But we already had similar dashboards available to the ones we had engineered ourselves. So it's not a deal-breaker. For us, it was about supporting multiple operating systems. That was more important. So, these dashboards we have are third-party tools integrated with SentinelOne.

What needs improvement?

SentinelOne could work on a more centralized dashboard.

Also, it didn't have much incident management built in.

Buyer's Guide
SentinelOne Singularity Endpoint
June 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,871 professionals have used our research since 2012.

For how long have I used the solution?

We've been using it all across for the last three years.

What do I think about the stability of the solution?

So far, I didn't face any major issue with stability. They communicate in advance about any maintenance downtime or updates. But so far, we haven't faced any outages.

What do I think about the scalability of the solution?

Scalability is quite seamless. We have people who work from home also. There are no issues. It scales across geographies, and we haven't had any problems.

How are customer service and support?

The customer service and support are good. Their responses are quick. We normally interact with them only over emails or their forums.

We never had to talk to them or call anybody. It's always been emails or forums, and it's been efficient.

The forums are really good, actually. As long as you follow their forums, that's more than enough, at least for us. I don't know about others, but for us, we found that asynchronous communication is more than sufficient.

Which solution did I use previously and why did I switch?

CrowdStrike was a bit better in terms of features. They had a much more centralized dashboard for tracking, In case of investigating incidents, the evaluating mitigation plans from the community were also good. They were much more mature in those incident management scenarios. 

SentinelOne was just detection and isolation; it didn't have much incident management built in. But we have our own incident management function, so that wasn't a deal-breaker.

How was the initial setup?

The initial setup was quite easy and very straightforward. 

What about the implementation team?

My team is familiar with most of these products, so for them, it was a breeze. There were no issues.

We normally take an evaluation period of 45 days. That's the trial period they give, during which we test everything and then give them the results.

What's my experience with pricing, setup cost, and licensing?

Overall, the price is very competitive. It's just relatively low compared to other products. The team told me it's something like 12% cheaper than CrowdStrike.

SentinelOne is much more cost-effective compared to other software because they offer a lot of flexibility in terms of licenses, which you can scale every month.

But others might have a more user-friendly, centralized console. If that's a need, then you have to pay a premium for that.

What other advice do I have?

Overall, I would rate the solution a nine out of ten. Considering what happened with CrowdStrike recently, it is all over the news. 

The main point is that if you want feature parity across Mac and Linux, they should go with SentinelOne, not CrowdStrike. CrowdStrike may be very good for Windows, but that's also in question right now. We feel SentinelOne is a little better for Windows.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Information Security Principal at a venture capital & private equity firm with 1,001-5,000 employees
Real User
Top 5
Mar 10, 2025
Reduces workload by consolidating functionalities into a single platform
Pros and Cons
  • "APT and ransomware protection is valuable."
  • "This technology is perfect for us."
  • "They should host a data center in Saudi Arabia, making it easy for customers to go for a SaaS model."
  • "Sometimes, support can be lacking. We would like to have more interactive sessions, which are not currently available."

How has it helped my organization?

Singularity Complete integrates well. We have changed our monitoring solution, and SentinelOne supports that solution. We are using SecureWorks to monitor our system. It is directly using the SentinelOne agent. All security logs for SentinelOne and other security products are being pushed to that one. SecureWorks consolidates all the logs and alerts, and we are getting 24/7 monitoring.

Singularity Complete significantly reduces alerts. It has reduced false positives by 30% to 40%.

Singularity Complete helps free up our staff for other projects and tasks. We have fewer false positives. We are very comfortable with it. Before, we had to provide extensive technical support for endpoint protection, but after installing the agent, administration became much easier.

Singularity Complete has been excellent, and we have not faced any issues in the last three to four years. It has reduced critical risks significantly.

Singularity Complete has reduced our mean time to remediate to a good level. It has also reduced the organizational risk.

We have used Ranger, but it is not always useful for us because most of our users are working from remote areas. It is a bit difficult for Ranger to identify them because they are working with some local networks. However, we are protecting our endpoints with the agents. It is mandatory for our technicians to install this agent.

What is most valuable?

APT and ransomware protection is valuable. We also use the Vigilance service from SentinelOne. It is a complete XDR platform for us.

What needs improvement?

Sometimes, support can be lacking. We would like to have more interactive sessions, which are not currently available. A chat service for technical support would also be beneficial. With other vendors, we are able to resolve small issues through the chat, whereas with SentinelOne, we have to open a ticket. Without a ticket, we cannot do anything. It takes more time.

They should host a data center in Saudi Arabia, making it easy for customers to go for a SaaS model.

For how long have I used the solution?

We have been working with SentinelOne since 2019. It has been almost five years.

What do I think about the stability of the solution?

For EDR, the solution is perfect. Over the five years of using it, many improvements have been made. Initially, there were issues, particularly on the management side, but now the console is much more stable.

How are customer service and support?

They can provide more interactive options for support. For example, a chat service would be beneficial.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, we were using Trend Micro, which posed a lot of issues. Trend Micro has different products for different things. For example, they have a different product for servers and a different product for clients. For management and reporting, there is another product. We have to manage a lot of things in Trend Micro. 

SentinelOne has consolidated these functionalities into a single platform, greatly reducing our workload. 

How was the initial setup?

The SaaS model is better, but due to some regulations, companies are hesitant to go for it. 

Deployment was challenging because we did not have software distribution capabilities at the time, and my technicians faced many challenges. I tried using group policy, and it worked for some clients, but not all, since half of my employees work remotely. Once deployed, agent updates were automated from SentinelOne. 

Maintenance is not required because we are using the SaaS model. We do not have any servers to manage, as it is a SaaS-based solution. When there is a new agent release from SentinelOne, we just have to deploy it from the console.

We have different entities inside our organization. It took us three to four weeks to deploy to about 1,500 endpoints. 

What about the implementation team?

My team handled the deployments. We had five to six technicians.

What was our ROI?

We have not faced any attacks since we implemented it. We had some critical incidents before this. In that respect, we have saved costs.

What's my experience with pricing, setup cost, and licensing?

Its cost is similar to Trend Micro, but the protection is much better. If you want protection, you have to pay the price.

What other advice do I have?

This technology is perfect for us. They are good at innovation and enhancements. We have good visibility across the network and endpoints. The product is continually improving, and I am very satisfied with it. I have already recommended it to a few people.

Overall, I would rate SentinelOne Singularity Complete a nine out of ten. There are areas for improvement, such as support and hosting data inside Saudi Arabia.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
SentinelOne Singularity Endpoint
June 2026
Learn what your peers think about SentinelOne Singularity Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,871 professionals have used our research since 2012.
AGM IT Security at Page Industries Ltd
Real User
Top 20
Feb 16, 2025
Achieved enhanced endpoint protection with AI-based zero-day threat mitigation and improved incident response time
Pros and Cons
  • "The XDR is a valuable feature."
  • "I think they should consider enhancing complete visibility."

What is our primary use case?

I use it for our XDR solution, managing various endpoints including Windows and Deepak. There are around twenty-five hundred endpoints where SentinelOne EDR or the Synchrony Solution is installed, helping me manage all my files. It is a next-generation antivirus solution with zero-day protection using AI or ML-based logic running in the backend to protect endpoints. Currently, there is no integration. It's an independent solution supporting my endpoint protection.

What is most valuable?

The XDR is a valuable feature. The AI-based engine protects against various behaviors and takes action on files being accessed. In terms of protection, I have an advanced app providing visibility of all my endpoints, which was not the case before. My time to respond to incidents has reduced, making it much more complete. I have the ability to isolate endpoints if identified as having malicious files or serious activity.

What needs improvement?

I think they should consider enhancing complete visibility. I haven't explored the network-related aspects, but if lacking, it is an area for improvement. Providing a single pane of visibility for the end user would be beneficial. This means not just seeing endpoints, but also the network and other connected devices through the Singularity portal. This would enhance decision-making and improve security posture.

For how long have I used the solution?

I have used the solution for three years.

What do I think about the stability of the solution?

It's a stable solution. My endpoints use minimal resources, and I have encountered no problems with installation, making it a stable product.

What do I think about the scalability of the solution?

From the console or admin perspective, as it is a SaaS product, scalability and management pose no problems. It's all auto-scale and auto-categorized, configuring automatically.

How are customer service and support?

I think they were responsive, but there was a delay in reaching out to my team on one incident report. This happened only once, which is why I am rating them eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I had a normal antivirus solution before upgrading to the next-gen XDR solution, which is SentinelOne.

How was the initial setup?

The setup is very straightforward. It took one month. Connecting to users was a manual process, but all network-connected devices were integrated without any challenges.

What about the implementation team?

There was a three-member team from the vendor side assisting with configuration and communication with my internal team. One of my team members coordinated with the end customers, who are the employees of my organization.

What was our ROI?

There isn't significant cost saving as such, but it has protected me from numerous virus or malware infections. This demonstrates an ROI.

What's my experience with pricing, setup cost, and licensing?

It's a fixed price per endpoint arrangement.

Which other solutions did I evaluate?

I have not used alternative solutions for the XDR solution. We were using an alternative antivirus solution before, but finalized on SentinelOne after considering other options.

What other advice do I have?

I rate the solution nine out of ten. It prevented potential losses, though not directly affecting ROI. To make it work effectively, ensure proper configuration and understanding of your network landscape. Initially set it to detect mode, then to protect mode, and later to auto-protect and quarantine mode. Allow one to three months to understand the network and work with a knowledgeable partner.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Senior Vice President IT at AS IT Consulting Pvt. Ltd.
Reseller
Top 5
Jan 20, 2026
Security correlations have boosted compliance operations and improve user productivity
Pros and Cons
  • "The main benefits the end-user gets from Singularity Platform are, first, the program itself being very small, and then we get better output from applications running on their systems."
  • "In my opinion, the real-time monitoring capabilities in Singularity Platform sometimes work and sometimes they don't, because there are a lot of false positives and people use unsigned applications which get deleted or quarantined by the product."

What is our primary use case?

My main use cases for Singularity Platform are compliance and security operations.

What is most valuable?

I have found the correlations in Singularity Platform to be the most valuable. The main benefits the end-user gets from Singularity Platform are, first, the program itself being very small, and then we get better output from applications running on their systems. The output of the users has gone up 50%, although I don't remember other benefits at this time.

What needs improvement?

There are a lot of false positives in that, which is why I'm not working with it. The use of the fraud detection feature in financial services in Singularity Platform depends on the compliances that are applicable to the organization, so it may be useful for some and may not be useful for others. I did that by myself, not with the help of Singularity Platform. In my opinion, the real-time monitoring capabilities in Singularity Platform sometimes work and sometimes they don't, because there are a lot of false positives and people use unsigned applications which get deleted or quarantined by the product. It's not a 100% foolproof solution.

A point for improvement for SentinelOne is that the false positives are huge since people in India, at least, are using homegrown applications which get blocked. Right now, Singularity Platform is working fine, but people have concerns about enhancements like website monitoring that can be done through Singularity Platform itself, so they don't need to buy any SASE products for people working from home to control their browsing. If that feature can be included, it will be a big advantage.

For how long have I used the solution?

I have been working with Singularity Platform for almost two years now.

What do I think about the stability of the solution?

I had some issues with that.

What do I think about the scalability of the solution?

I would rate the scalability a nine.

How are customer service and support?

Technical support will always be between six and seven.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup for Singularity Platform is very simple; the dashboard is quite simple, and the agents' installations are very simple, like one click, I would say.

What's my experience with pricing, setup cost, and licensing?

For pricing, I would say it's a six. It could be cheaper, as I understand.

Which other solutions did I evaluate?

The main competitor for Singularity Platform is CrowdStrike at number one, and the second is Trellix, which is coming up very fast. The leader on the market is still SentinelOne, but if they don't add some add-ons to their product like Trellix and CrowdStrike have, they may lag very soon. If we do only apple-to-apple comparison on Singularity Platform, then I'll give it ten marks.

What other advice do I have?

Singularity Platform functions as a security information and event management solution, and that is an inbuilt part of it. I believe in the correlations that I get because we work on it, but we don't use the Purple AI part of it. I'm not able to get clarity regarding the real-time personalization feature in Singularity Platform. I do not use the real-time personalization feature in Singularity Platform. It is a matter of false positives when people use it in my area.

Regarding the impact of Singularity Platform on supply chain processes, I don't have much on it, but it's a good product and the tracking is better with the log capturing and the data that we get from it. The customer does require customizations on the dashboards as per the requirement of their organizations; if it's manufacturing, medical, or financial institution or banking, then they will have different requirements for their dashboards, which are yet not available, so we have to actually build up those dashboards for them. I can recommend Singularity Platform to other users. I have provided this review a rating of 9.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. reseller
Last updated: Jan 20, 2026
Flag as inappropriate
PeerSpot user
reviewer1964085 - PeerSpot reviewer
President at a tech services company with 1-10 employees
Real User
Top 10
Jul 31, 2025
prevention of ransomware attacks shows reliability and effectiveness in business environments
Pros and Cons
  • "It recently stopped a ransomware attack at one of my clients, proving its reliability."
  • "I don't think there is real-time threat intelligence within SentinelOne Singularity Complete, and if there is, I'm not using it."

What is our primary use case?

I typically deploy it into typical business environments such as law offices, doctors' offices, and marketing companies. I have clients of all walks of life, including accountants, attorneys, doctors, and veterinarians. I work in a very simple environment and am not dealing with high security, such as CIA-level security. For example, I use it in a doctor's office where it does a good job staying HIPAA compliant.

How has it helped my organization?

The best aspects of SentinelOne Singularity Complete for these clients are its ability to detect malicious activity. While there are sometimes false positives, they are minimal, making it quite effective. It recently stopped a ransomware attack at one of my clients, proving its reliability. The clients do not see immediate efficiency gains or significant time savings.

What needs improvement?

I haven't done any integrations, as I'm just in the beginning stage of ramping up the product implementation and mastering the product. I don't qualify myself as a master in the use of SentinelOne Singularity Complete, so I cannot offer great insight on this.

For how long have I used the solution?

I have dealt with SentinelOne Singularity Complete for less than a year.

What do I think about the stability of the solution?

The stability of SentinelOne Singularity Complete is demonstrated through its ability to detect malicious activity. While there are sometimes false positives, they are minimal. It recently stopped a ransomware attack at one of my clients, proving its reliability.

What do I think about the scalability of the solution?

My clients are mostly small, and my largest client has about thirty computers. I do the deployment myself, and it's not a huge effort. It's not comparable to dealing with a company that has three thousand computers.

Which solution did I use previously and why did I switch?

In the past, I used another product that malfunctioned and caused high processor activity which required stopping and reinstalling it. However, this hasn't happened with SentinelOne Singularity Complete. I used to have many false positives with other products that would block good programs, but I haven't experienced that with SentinelOne Singularity Complete, making it more quiet and efficient.

How was the initial setup?

The initial setup was very simple; deployment is straightforward. Fine-tuning it is a bit more involved, but overall, it's a very simple product to get started with.

What about the implementation team?

I was a part of the setup and deployment process.

What was our ROI?

The return on investment for my clients isn't visible until there is an incident or an attack that gets stopped. Then they realize the value of prevention. The challenge with security products is that ROI isn't apparent until an incident demonstrates the potential for loss. Clients often think they are immune, especially small ones, believing they're too small to be attacked. They don't realize that the cost of an attack could be a hundred thousand dollars, while they perceive the likelihood as very low.

What's my experience with pricing, setup cost, and licensing?

The pricing for SentinelOne Singularity Complete is good. There are other products that are less expensive, but I tell my clients that in security, they cannot cut corners or look for the cheapest solution. If they want security, looking for the cheapest solution means they have the wrong approach, because good products are not cheap.

What other advice do I have?

I don't have hands-on experience with CrowdStrike, Cisco, or Palo Alto products, but I know the companies. I do not have experience with AI features or AI analytics yet. I don't think there is real-time threat intelligence within SentinelOne Singularity Complete, and if there is, I'm not using it. I'm just getting to learn the product, so I cannot offer any deep insightful opinion. On a scale of one to ten, I would rate it a nine or a ten, as I'm very happy with it currently.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer2846475 - PeerSpot reviewer
Senior Security Engineer at a consultancy with 1-10 employees
Real User
Top 20
Jun 3, 2026
Automated protection has minimized threats and reduced detection and response times dramatically
Pros and Cons
    • "It would be nice if they improved the user interface."

    What is our primary use case?

    My main use case for SentinelOne Singularity Endpoint is endpoint detection and monitoring as well as monitoring devices. An example of how I use SentinelOne Singularity Endpoint for endpoint detection is monitoring the device to see if there is any suspicious activity.

    SentinelOne Singularity Endpoint has a very quick detection capability, so we managed to detect a virus and quarantine it during a recent situation.

    What is most valuable?

    The best features SentinelOne Singularity Endpoint offers are the fact that it quarantines any malicious activity very quickly and it detects by hashes. When threats such as ransomware or malware are detected, it alerts me quickly and quarantines the file.

    SentinelOne Singularity Endpoint's scalability is very easy to scale because it just takes adding devices since the main server is already set up. SentinelOne Singularity Endpoint is deployed in my organization on-premises via agents that are installed on each device. SentinelOne Singularity Endpoint has impacted my organization positively as we have been able to minimize threats, and it is automated.

    What needs improvement?

    It is very difficult to say how SentinelOne Singularity Endpoint can be improved as it is such a great product. It would be nice if they improved the user interface. I wish it was easier to navigate the dashboard and that it was more user-friendly.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Endpoint for three years in total.

    What do I think about the stability of the solution?

    SentinelOne Singularity Endpoint is stable.

    What do I think about the scalability of the solution?

    SentinelOne Singularity Endpoint's scalability is very easy to scale because it just takes adding devices since the main server is already set up.

    How are customer service and support?

    The customer support is great and very easy.

    I would rate the customer support on a scale of 1 to 10 as a 10, and I would give customer support a 9 from 1 to 10.

    Which solution did I use previously and why did I switch?

    I previously used Microsoft Defender. I switched because SentinelOne Singularity Endpoint has a lot more AI capabilities and is much easier to use and has a better detection procedure.

    How was the initial setup?

    My experience with pricing, setup cost, and licensing was very easy and simple.

    What about the implementation team?

    Singularity Complete has helped me consolidate my security solutions, as I was able to get rid of a lot of unnecessary software.

    What was our ROI?

    I have seen no return on investment as I do not deal with finances.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup cost, and licensing was very easy and simple.

    Which other solutions did I evaluate?

    I evaluated other options such as Microsoft Defender as well as Kaspersky before choosing SentinelOne Singularity Endpoint.

    What other advice do I have?

    SentinelOne Singularity Endpoint has helped reduce my organization's mean time to detect, or MTTD, by 56 percent. SentinelOne Singularity Endpoint has helped reduce my organization's mean time to respond, or MTTR, by 50 percent.

    My advice to others looking into using SentinelOne Singularity Endpoint is that they should evaluate the product and run a proof of concept to see if it is well-suited for the organization.

    Regarding SentinelOne Singularity Endpoint's AI capabilities, I believe it has a lot of governance and security features that are built-in, which I am very impressed with. It is very accurate in terms of its detection regarding SentinelOne Singularity Endpoint's AI capabilities in terms of accuracy and reliability of its output.

    I am very impressed with SentinelOne Singularity Endpoint's ability to ingest and correlate across my security solutions because the solution is able to do its own thing with very little interaction with anything else.

    Singularity Complete has helped reduce alerts by 56 percent as it was able to mitigate false positives. Singularity Complete has saved my staff a couple of hours every day as less human intervention is required and they are able to release the devices. I would rate this solution overall a 10.

    Which deployment model are you using for this solution?

    On-premises

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
    Last updated: Jun 3, 2026
    Flag as inappropriate
    PeerSpot user
    Greg Hansen - PeerSpot reviewer
    Director, Information Technology at Lenovo
    Video Review
    Real User
    Top 5
    Oct 30, 2024
    Our security analysts can efficiently manage incidents and investigations with its succinct interface
    Pros and Cons
    • "We are freeing up our resources and our security analysts' time to focus on the most critical threats to our landscape by not having to chase down false positives."
    • "SentinelOne can continue to make the presentation of relevant and timely data to the analysts as succinct and clear as possible. It will allow analysts to execute remediation or resolution with the least amount of clicks."

    What is our primary use case?

    We have the Singularity Endpoint Detection platform along with the MDR service. We are using their Singularity Enterprise offering along with Vigilance Pro.

    We are currently in the process of deploying it. We started with the deployment earlier this calendar year with a goal of reaching 30,000 endpoints this year. We have deployed to about 25,000 endpoints to date. Our end goal is 100,000, but that will be phased in over the next year.

    How has it helped my organization?

    Our deployment experience has been excellent. We have received a ton of support from their customer success team. We are using this initial deployment to tune the product to make sure it is not causing performance issues on our endpoints. We are going about it in a very methodical fashion.

    It has helped us achieve business goals in a few areas. Even though we are early in our adoption, there are a few areas where I have seen benefits. One is around the technology, the solution itself. It provides our security analysts with a very succinct and usable interface that they can use to effectively and efficiently manage incidents and investigations. 

    The second area is around the MDR. This has been a huge benefit to us compared to our prior solution. We used to get a lot of false positives. That took up the time of our security analysts, which then took away time from addressing real problems.

    The risk management at Lenovo has improved greatly over our prior toolset. We have identified risks that we would not have otherwise identified with our prior implementation.

    Our analysts' efficiency has gone up tremendously. We are not chasing false positives. The tool provides timely and relevant information to our analysts so that they can address the events with confidence. They know they are working on the right activities, and then along with the managed service, they are not chasing rudimentary incidents. Those are being resolved before they can get to our team.

    It has definitely helped us reduce noise. In the prior platform, which we are phasing out, the false positive rate was tremendously high. That caused a huge amount of inefficiency in the team.

    It has helped us increase our incident response because we are working as a team. We not only have an improved platform for detecting and managing incidents; we are also partnering with SentinelOne on the MDR and the managed service aspect of it.

    It has helped us improve our mean time to respond from a perspective of seeing what is happening. I do not have any metrics related to the percentage of that improvement.

    It has highlighted the risk of insider threats, and we have found that on multiple occasions. It is hard to compare if they would have been caught in our prior solution, but we have increased visibility into what is going on across our network and the machines that are connected to it.

    SentinelOne is an integral part of our AI strategy. We have recently got a chief AI officer in our organization. He happened to be our chief security officer, so we take AI very seriously. There are two things that AI can impact. We can leverage SentinelOne to help us protect the AI models that we develop and use, but we can also leverage AI for endpoint protection in the product itself. We can utilize the AI offering to improve our response rate and mean time to respond.

    What is most valuable?

    We are freeing up our resources and our security analysts' time to focus on the most critical threats to our landscape by not having to chase down false positives. In conjunction with the MDR, many of those incidents and events are mitigated and resolved without any intervention from our team.

    What needs improvement?

    SentinelOne can continue to make the presentation of relevant and timely data to the analysts as succinct and clear as possible. It will allow analysts to execute remediation or resolution with the least amount of clicks.

    For how long have I used the solution?

    We started with the deployment earlier this calendar year.

    How are customer service and support?

    The support from SentinelOne has been second to none, exceeding expectations. Maybe we are in the honeymoon period, but they have definitely exceeded expectations. I have been part of many deployments, not just of cybersecurity platforms but also of other platforms, and SentinelOne, in comparison, has been second to none.

    How would you rate customer service and support?

    Positive

    What's my experience with pricing, setup cost, and licensing?

    We purchase it through CDW.

    Which other solutions did I evaluate?

    One of the primary considerations in evaluating EDR and identity security vendors was around the effectiveness of the detection and the ability to tune the solution to fit our needs. The presentation of the data to our analysts and the ability to detect events and threats that were not detected by our prior platform played a big role in that. We also were able to test out the MDR service as part of our proof of concept. That pushed it over the edge from anything we experienced with other vendors.

    Earlier, we had a high false positive rate coming in, which would take up our analysts' time. In addition to that, our prior vendors or other vendors would report threats and incidents to our team but not what action to take to resolve them. The huge difference that we have seen is that we are now getting feedback from SentinelOne and the MDR team, and it is coming back completely resolved and completed. We are more on an information basis, and we do not have to spend any time on resolution or investigation.

    What other advice do I have?

    Anyone considering changing their endpoint detection or SIEM solution should consider SentinelOne. It offers benefits in the product and technology aspect, service aspect, and partnership, allowing us to influence the roadmap and plan our cyber defenses.

    Even though we are early on in our adoption, we have had a direct line of contact with the product team. We have been able to provide feature requests. We are not simply a customer of SentinelOne. We view it as a partnership. We can influence the roadmap. Likewise, SentinelOne is providing us a vision of their roadmap, and we can plan accordingly how to steer our cyber defenses.

    As it stands today, I would rate SentinelOne Singularity Complete a nine out of ten simply because we are so early in our adoption that we are not taking full advantage of all the aspects of the solution. We will continue to grow and mature alongside the product.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer2687556 - PeerSpot reviewer
    Cyber Consultant at a consultancy with 11-50 employees
    Consultant
    Top 10
    Apr 13, 2025
    User-friendly interface and policy customization helps with server protection
    Pros and Cons
    • "The interface of SentinelOne Singularity Complete is user-friendly, and we can quickly find what we need."
    • "Overall, I would rate SentinelOne Singularity Complete a nine out of ten because nothing is perfect, but it is close."
    • "SentinelOne Singularity Complete is the best EDR in the market, but it will evolve, though I have concerns about using US partners in Europe due to the geopolitical context. It is better to work with European companies."
    • "The main issue with SentinelOne Singularity Complete was the process memory used for Linux servers, which generated a lot of tickets and incidents due to the high load of disk consumption and memory."

    What is our primary use case?

    Our main use case is to protect all the Linux servers. We use it only for servers, not for users.

    How has it helped my organization?

    SentinelOne Singularity Complete is one of the most mature solutions available. It shows great benefits over time.

    We can install filters to analyze every alert, and make some whitelists, blacklists, and exceptions, thus helping reduce alerts.

    It can reduce the organization's risk. It gives better control to our limited team resources.

    It already has AI capabilities, which is one of their advantages.

    What is most valuable?

    When you select a policy for a type of server, such as an Active Directory, we can apply a dedicated policy. We can have a dedicated policy for Exchange Server and a dedicated policy for MS SQL, Oracle server, etc.

    The interface of SentinelOne Singularity Complete is user-friendly, and we can quickly find what we need.

    What needs improvement?

    The main issue with SentinelOne Singularity Complete was the process memory used for Linux servers, which generated a lot of tickets and incidents due to the high load of disk consumption and memory. The problem was on all systems, but especially on Linux servers. It might have already been fixed.

    SentinelOne Singularity Complete is the best EDR in the market, but it will evolve, though I have concerns about using US partners in Europe due to the geopolitical context. It is better to work with European companies.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Complete for approximately four years.

    What do I think about the stability of the solution?

    For stability, I would rate it a nine, as I have experienced only the issue of overload.

    How are customer service and support?

    The technical support from SentinelOne Singularity Complete is very active and good, with a strong knowledge base available online. The response time of technical support is satisfactory and acceptable.

    I would rate their support a nine out of ten based on reactivity and the solutions they provide; this is based on my team's interactions, not mine.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    For Windows servers, we are using Defender. SentinelOne Singularity Complete is only used for Linux servers. 

    How was the initial setup?

    The initial setup was not really complex; we only needed one on-premise management server to deploy to different servers. It took about two months for about 300 servers.

    What about the implementation team?

    I am the third party assisting in the deployment.

    What's my experience with pricing, setup cost, and licensing?

    I don't know about the licensing model. It seems easy, but it's not my area of expertise. I don't have information on how it compares to its competitors, but the pricing is per device.

    Which other solutions did I evaluate?

    We conducted some PoCs between SentinelOne Singularity Complete, Defender, and Carbon Black, and we decided to go with SentinelOne Singularity Complete based on usability. 

    What other advice do I have?

    It is unclear if it has helped reduce our organization's mean time to detect or respond because we have a platform with four people, and we are using SOC as well. Our main activities are done by four people, and we don't have much time to conduct thorough investigations.

    I cannot assess SentinelOne Singularity Complete's ability to be innovative because we stayed with it after choosing it and never compared it with others.

    Overall, I would rate SentinelOne Singularity Complete a nine out of ten because nothing is perfect, but it is close.

    Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
    PeerSpot user
    Jai Prakash Sharma - PeerSpot reviewer
    Executive Vice President Technology at InfoEdge India Ltd
    Real User
    Top 5Leaderboard
    Sep 19, 2024
    Provides centralized management but doesn't work very well with Linux endpoints
    Pros and Cons
    • "Whether our endpoints are running on Windows, Mac, Linux, or any flavor of operating systems, and even mobile devices, we can have a central dashboard through which we can do complete user management and policy management. We can have a complete security posture organization-wise, department-wise, or business-wise."
    • "We ran into production issues related to CPU utilization on Linux endpoints. Our production environment's performance got degraded like anything."

    What is our primary use case?

    We used it only for six months. Initially, it turned out to be a good product, but then we had an issue, so we stopped using it. We are now using CrowdStrike.

    From an endpoint perspective, we have a heterogeneous environment. We have Windows, we have Mac, and we have Linux endpoints. We deployed it on all the endpoints, all different operating systems, and cloud instances as well. Our AD was also integrated along with the identity solution, but the issues specifically get reported on the endpoints for open-source or Linux. That is why we decided not to move forward with it.

    By implementing SentinelOne Singularity Complete, we wanted security for our endpoints. After COVID, endpoint security became even more critical because our perimeter was more exposed. It was expanding wherever the end users were, so endpoint security became much more critical. Previously, in terms of endpoint security, the traditional antivirus, anti-malware, and endpoint protection were disconnected systems. We did not have any offline correlation, log collection, or policy management, whereas SentinelOne, as well as CrowdStrike, come with a central console. For compliance requirements, such as ISO, SOC 2, or PCI, we have to provide evidence in terms of the status of the endpoint patches and security posture. That is possible through the central console. That was the motivation for us to move to one of these products. SentinelOne was our first choice, but we ran into a specific issue.

    We had not specifically signed up for any risk management, but we were also looking to expand that to a completely managed SOC where we do the log correlation as well. When we initially started, we only started with the endpoint, identity, and cloud.

    How has it helped my organization?

    The main reason for getting this solution was that it was a new-gen endpoint solution for having an organization-wide view of security vulnerabilities or abnormal behavior. That was the main reason we got started with SentinelOne Singularity Complete. It gave us a lot of that information. It also helped us with compliance requirements. In the case of any specific instance or any abnormal behavior, its reports certainly helped us with the root cause analysis and collection of logs. It helped us in providing or collecting the evidence that we could use in our compliance reports to ensure proper reporting for relevant legal entities.

    The ranger product helped us to do discovery of endpoints. We could identify our rogue devices.

    SentinelOne Singularity Complete helped to reduce alerts. It groups the alerts. If you have similar alerts coming from the same server or a couple of servers at a similar time frame, it groups them and sends a single alert along with the device ID. This way, you have less number of alerts for the team to work on. If the agent itself is not in the running state or does not have the latest signatures available, it basically groups the alerts and tries to create a single alert. You have all the endpoints listed out, and you can take action against that particular issue rather than the same issue being reported from thousands of machines together. It is hard to provide the metrics, but generally, it helped quite a bit. I had around 8,000 endpoint licenses, and if 20% of the services started reporting the same issue, there would have been 1,500 to 1,600 alerts in a minute. It merges them into a single alert. We can also define a real-time action. A single alert helps our backend team to take action easily. The same is applicable to the SentinelOne support as well. If certain patches or certain actions are required to mitigate an issue, their team can do the mitigation in one shot and the fixes get pushed to all the servers that were reporting that particular issue. In one shot, you can automate and orchestrate your mitigation.

    SentinelOne Singularity Complete helped reduce the mean time to detect and the mean time to resolution. There was at least a 10% reduction.

    SentinelOne Singularity Complete did not help us save any direct costs, but there is an opportunity in terms of manhours saved in the backend because of having all these features integrated. There were indirect cost benefits. We saved a lot of hours because our engineers did not have to keep an eye on all the alerts. They could automate certain actions. That was an indirect cost benefit. I cannot list any direct cost benefits. These are costly products.

    SentinelOne Singularity Complete absolutely helped reduce organizational risk. It is meant for that. We had different levels of reporting available. We could have an executive view. We could view the standards or framework that we were using. We could see the level of compliance to various standards in terms of percentage. We could also define the actions by accepting something as a risk or mitigating that by orchestrating.

    What is most valuable?

    There is centralized reporting and view. We can have role-based access management where technical people or monitoring people can have a central dashboard with a single view of all the endpoints. Whether our endpoints are running on Windows, Mac, Linux, or any flavor of operating systems, and even mobile devices, we can have a central dashboard through which we can do complete user management and policy management. We can have a complete security posture organization-wise, department-wise, or business-wise.

    They have a good data lake kind of feature where you can ingest all the security logs. They can be from your endpoint, your identity management system, or your cloud. They can be from any of those services, so you get to do log analytics. That is one of the features that I liked about it. The same capability is also available with CrowdStrike which we are now exploring because of the issue with SentinelOne. However, at the time, with SentinelOne Singularity Complete, because of log analytics, we could do threat intel or sandboxing or have custom logic written for any specific kind of reaction. Those kinds of things were quite easy.

    Log analytics and a couple of other things were also pretty good.

    What needs improvement?

    We ran into production issues related to CPU utilization on Linux endpoints. Our production environment's performance got degraded like anything. After a lot of debugging, we figured out that because it consumed a big percentage of the CPU and memory. Some of the applications were restarting automatically or randomly. We had an auto-healing infrastructure, so if the system memory was available, the application would restart on its own. When this issue got prolonged, we could see a lot of service failures because of being out of memory. This issue started hitting us wherever we had persistence connection requirements. Because existing connections were breaking completely, any transaction that somebody was doing online got terminated, and that was a big issue.

    They should improve it for the open-source or Linux endpoints. They can provide customizations where we can limit the on-access CPU utilization or memory utilization. It should honor the specified limit and use only a limited percentage of CPU and memory rather than utilizing all the CPU or memory available on a system. 

    Other than that, I do not have any input. There is a lot of potential. There are a lot of possibilities for orchestration and sandboxing. Because we hit one particular issue, we were not able to continue using it, but I see a lot of opportunities there.

    For how long have I used the solution?

    With SentinelOne Singularity Complete, we did not work for a long time. We gave away this product within six months. There were some problems or issues reported, and that is why we discontinued using this product. We stopped using it nine to ten months ago. We have now migrated completely to CrowdStrike.

    What do I think about the stability of the solution?

    I discarded this product within six months. I would rate its stability a five out of ten.

    What do I think about the scalability of the solution?

    Its scalability is fine. I would rate it a nine out of ten for scalability. 

    We used it in a heterogeneous environment. We had about 8,000 endpoint licenses.

    How are customer service and support?

    I would rate their support a six out of ten because the issues that I had reported were not resolved.

    As a strategic partner, SentinelOne is pretty good. They are very proactive.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    Prior to SentinelOne Singularity Complete, we had multiple pieces. We did not have one single product for everything. For endpoint security, we had McAfee as an antivirus and anti-malware. For identity, there was a different application altogether. For SIEM, there was a completely different solution, and for log correlation, we had a different log management server. Dashboarding solutions were completely different. EPO was the tool that we had to orchestrate some of the endpoint and antivirus-related policies.

    We were having some challenges with SentinelOne Singularity Complete, so we migrated to CrowdStrike. We are now also exploring CrowdStrike's SIEM solution.

    From a maturity standpoint, both SentinelOne Singularity Complete and CrowdStrike are mature products.

    How was the initial setup?

    We deployed it on-prem and on the cloud. Its deployment was straightforward. It was orchestrated via my backend tool.

    It does not require much maintenance. The maintenance required is similar to an endpoint. One or two people are sufficient for 8,000 to 9,000 licenses because they need to just monitor the status. In case they find a rogue device, then only they have to take action. Otherwise, once they have a complete deployment done, they just need to automate reports and tasks. Those kinds of things certainly help.

    What's my experience with pricing, setup cost, and licensing?

    It is expensive. There is no doubt about it. If one of the functions does not work, it becomes very difficult for any CIO to justify the cost.

    I would not be able to share the exact price, but we had almost 8,000 endpoint licenses, and it was a huge cost.

    CrowdStrike is not cheaper than SentinelOne. Both products go neck to neck. Both are costly products. 

    What other advice do I have?

    I would advise going for this solution only if you have a clear use case.

    I have only one recommendation. If anybody wants to use such a solution to its potential, they need to be very clear about their use case. They need to know whether they want to go for the complete solution or they are just focusing on the endpoint solution. If you have a complete use case that requires EDR, identity, cloud, and log analytics, then SentinelOne or CrowdStrike makes sense. If you only have an endpoint use case, then these solutions do not make sense. It would not be a cost-effective deal.

    After the complete endpoint deployment, you have complete asset visibility. We never used the life cycle management piece. We were just using the EDR feature.

    SentinelOne Singularity Complete did not help free up the time of our staff for other projects and tasks. It has a lot of potential to do that, but we used it for a very short duration. Because of the issue we had, we did not continue using this solution. However, it has a lot of potential.

    I would rate SentinelOne Singularity Complete a six out of ten. After they improve the product and their support, I may increase the rating. At this time, I cannot rate it more than six.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer2676195 - PeerSpot reviewer
    IT Infrastructure Manager at a training & coaching company with 11-50 employees
    Real User
    Top 20
    Mar 18, 2025
    Simplifies operations with good UI and centralization
    Pros and Cons
    • "The web portal has a really good web UI, and all the things are well integrated."
    • "Singularity Complete has helped reduce alerts."
    • "The basic functionalities should be up and running even during maintenance windows. I understand that it is a software-as-a-service model, but it becomes a problem if I cannot do anything when issues occur during maintenance."
    • "The maintenance window can be improved because once it happened that I had multiple laptops, and the maintenance window caused a lot of laptops to get stuck in the portal, blocking access."

    How has it helped my organization?

    Singularity Complete has helped reduce alerts. We have one place to go to check them, and there is also a reduction in false alerts.

    Singularity Complete helped free up our staff for other projects and tasks. I do not have the metrics, but it saves a lot of time compared to what I have used at other companies.

    Singularity Complete has helped reduce our mean time to detect. We only have to look at the portal. We can quickly isolate the user or the device, which also stops the virus from spreading. It also reduces our mean time to respond.

    What is most valuable?

    The web portal has a really good web UI, and all the things are well integrated. It is easy for us to increase the number of users because it is pretty simple.

    What needs improvement?

    The maintenance window can be improved because once it happened that I had multiple laptops, and the maintenance window caused a lot of laptops to get stuck in the portal, blocking access. This is important to address. The basic functionalities should be up and running even during maintenance windows. I understand that it is a software-as-a-service model, but it becomes a problem if I cannot do anything when issues occur during maintenance.

    They could make it simple to have a SIEM integrated with their solution so that we can send logs to their server and then analyze them.

    For how long have I used the solution?

    I have been using SentinelOne Singularity Complete for almost one year.

    What do I think about the stability of the solution?

    It is stable.

    What do I think about the scalability of the solution?

    It is scalable. We have 50 users in our company. We have three administrators. We also have a consultant.

    How are customer service and support?

    I did not have the opportunity to contact them because I had almost no issues.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We were probably using Webroot. I was not there when they made the decision to switch.

    How was the initial setup?

    I did not participate in the initial setup, but our new onboarding process for laptops is really straightforward. You just join the domain, and the software gets installed automatically. It is bound to our site, making it very easy.

    What was our ROI?

    It is difficult to measure ROI, but since we started using it, we have not had any problems related to security. We have not experienced any breaches or issues so far.

    It has absolutely helped reduce our organizational risk.

    What's my experience with pricing, setup cost, and licensing?

    Overall, it was a good experience. It is pretty easy for us to increase the number.

    What other advice do I have?

    SentinelOne is focused on this solution. This is evident in the GUI. The GUI is well done compared to solutions like Microsoft Defender which I have been trying to get into, but it almost repels me. SentinelOne Singularity Complete is very stable and mature. It is one of the best solutions that one can choose.

    I would rate SentinelOne Singularity Complete a nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Buyer's Guide
    Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros sharing their opinions.
    Updated: June 2026
    Buyer's Guide
    Download our free SentinelOne Singularity Endpoint Report and get advice and tips from experienced pros sharing their opinions.